Configure HealthCheck with podman update

[Honny1]

New flags in a podman update can change the configuration of HealthCheck when the container is started, without having to restart or recreate the container.

This can help determine why a given container suddenly started failing HealthCheck without interfering with the services it provides. For example, reconfigure HealthCheck to keep logs longer than the usual last X results, store logs to other destinations, etc.

These flags are added to the podman update command:

• --health-cmd string: set a healthcheck command for the container ('none' disables the existing healthcheck)
• --health-interval string: set an interval for the healthcheck (a value of disable results in no automatic timer setup)(Changing this setting resets timer.) (default "30s")
• --health-log-destination string:  set the destination of the HealthCheck log. Directory path, local or events_logger (local use container state file)(Warning: Changing this setting may cause the loss of previous logs.) (default "local")
• --health-max-log-count uint: set maximum number of attempts in the HealthCheck log file. ('0' value means an infinite number of attempts in the log file) (default 5)
• --health-max-log-size uint: set maximum length in characters of stored HealthCheck log. ('0' value means an infinite log length) (default 500)
• --health-on-failure string: action to take once the container turns unhealthy (default "none")
• --health-retries uint: the number of retries allowed before a healthcheck is considered to be unhealthy (default 3)
• --health-start-period string: the initialization time needed for a container to bootstrap (default "0s")
• --health-startup-cmd string: Set a startup healthcheck command for the container
• --health-startup-interval string: Set an interval for the startup healthcheck. Changing this setting resets the timer, depending on the state of the container. (default "30s")
• --health-startup-retries uint: Set the maximum number of retries before the startup healthcheck will restart the container
• --health-startup-success uint: Set the number of consecutive successes before the startup healthcheck is marked as successful and the normal healthcheck begins (0 indicates any success will start the regular healthcheck)
• --health-startup-timeout string: Set the maximum amount of time that the startup healthcheck may take before it is considered failed (default "30s")
• --health-timeout string:  the maximum time allowed to complete the healthcheck before an interval is considered failed (default "30s")
• --no-healthcheck: Disable healthchecks on container

Fixes: https://issues.redhat.com/browse/RHEL-60561

Does this PR introduce a user-facing change?

Configure HealthCheck with podman update

[openshift-ci]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: Honny1
Once this PR has been reviewed and has the lgtm label, please assign mheon for approval. For more information see the Kubernetes Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[packit-as-a-service]

Ephemeral COPR build failed. @containers/packit-build please check.

[Luap99]

not really a full review just a quick look:

Can you remove all the flag description from the commit? I do not see how they add any value there. If I want to know what a flag does one should look at the docs or I can see that already in the diff here anyway.

[Luap99]

all these strings seem to be used in many places so can you define them as constants somewhere, ie. libpod/define and then use the constants over the string duplication

[Honny1]

Thanks, I have an idea of how to simplify it overall.

[mheon]

What does this mean?

[Honny1]

My note, I'll delete it.

[mheon]

"Updates the configuration of an existing container, allowing changes to resource limits and healthchecks"

[mheon]

This and startupHealthCheck should be pointers - will make returning nil a lot easier

[mheon]

I think you can JSONDeepCopy this and save a lot of code

[mheon]

Same here, investigate JSONDeepCopy, I don't think this is performance critical at all.

[mheon]

I don't like leaking entities into Libpod. Maybe move UpdateHealthCheckConfig into libpod and make the entities version just contain it?

[mheon]

Actually, no. We should probably move this parsing code out of Libpod. Instead we should accept a manifest.Schema2HealthConfig and define.StartupHealthCheck in Update in libpod, and do all the validation in the frontend.

[mheon]

If you're calling this from Update() this is unnecessary, we only want one and it should be in Update itself

[Honny1]

@mheon and @Luap99 I have edited the PR according to your comments.

[mheon]

noHealthCheck can probably be healthCheckConfig == nil

[mheon]

And I think we might want to compute changedTimer in here, instead of requiring the user pass it in - moving the rest of the parsing out of libpod was good but this was maybe a step too far.

[mheon]

Maybe make a GlobalHealthCheckOptions struct that contains all of these? Arguments list is a little long

[mheon]

Maybe Paused as well? Do we stop the timers when we pause a container?

[mheon]

Hm. I think we hit this if we add a startup healthcheck to a running container that did not previously have a startup healthcheck. We probably don't want to do that, so we should set StartupHCPassed to true when adding a startup healthcheck to a running container that doesn't have one already

[mheon]

This can be combined with the following line

[mheon]

This is basically identical to updateHealthCheckConfiguration minus a few variables; can the two be refactored to share code? It seems like everything from line 2805 on is basically identical.

[mheon]

Probably unnecessary; we can just use Update

[TomSweeneyRedHat]

Suggested change

	Changing this setting resets timer.
	Changing this setting resets the timer.

[TomSweeneyRedHat]

Suggested change

	// HealthOnFailure set action to take once the container turns unhealthy.
	// HealthOnFailure set the action to take once the container turns unhealthy.

[TomSweeneyRedHat]

A couple of small nits. Once @mheon 's concerns are addressed, LGTM

[Luap99]

@edsantiago Mind looking at the sys tests?

[Luap99]

there is a lot of duplication here, first you can use elif to avoid one layer of nesting

In general it is hard for the reader to figure out the differences, you should split out the run_podman call and only do the stuff that is different in there, i.e. define a hc_flags arrray where you add the flags too and then to the run_podman call below which would make this a lot simpler.

[edsantiago]

Second, what Paul said

[Luap99]

Adding random sleeps is very bad you tests are adding over 20s of CI time doing nothing but sleeping, this is very wasteful.

Is there a way we can combine the test cases to avoid adding so much sleeps. And if we know one things sleeps means flakes so this is not very good. If there is no way to avoid it then at the very least all these testsshoul dbe run in parallel to not waste so much time

[Luap99]

I have no idea why we decided to send a full specgen when the server does not understand most of it but doesn't the specgen already contain all the healtchcheck settings? So it seems wasteful and confusing to send yet another type? Am I missing something?

[edsantiago]

DIE and DRY are critical concepts in software development. I encourage you to develop a mindset where you're looking for duplication and, each time you see it, or each time you find yourself copypasting, taking a step back to ask yourself how you can eliminate it.

Once you clean up all my suggestions below, I bet you might even find more, and I bet you can then find a way to make the test table-driven which is even better.

And then, of course, please add # bats test_tags=ci:parallel

[edsantiago]

There is so much duplication here that it will become a maintenance nightmare. First and most obvious, ctrname and msg are never used by the caller. There is no reason to pass them as parameters. They should be defined in here.

[edsantiago]

Second, what Paul said

[edsantiago]

Third, this is a completely unnecessary argument. It is identical to $format except in the health-on-failure test where I have no idea if that's a dup-typo or intentional. Please eliminate this.

[edsantiago]

There's almost no need for this one, either. It is almost always identical to $value. Therefore, the logic should be:

    local expect="${6:-$5}"

so the caller can then use "" to reduce duplication.

[edsantiago]

These can be collapsed into a type option (choose a better name please) with values "" (third condition), "nohc" (second), "startup" (first).